<?php
!defined('M_P') && exit('Forbidden');
!$winduid && Showmsg('not_login');

if ($db_question && ($o_share_qcheck || $o_photos_qcheck)) {
	$qkey = array_rand($db_question);
}

require_once(R_P.'require/showimg.php');

InitGP(array('a','u'));

!$db_phopen && Showmsg('photos_close');

$u = $u ? $u : $winduid;
if ($u && $u != $winduid) {
	$userdb = $db->get_one("SELECT username,icon FROM pw_members WHERE uid=".pwEscape($u));
	if (empty($userdb)) {
		$errorname = '';
		Showmsg('user_not_exists');
	}
	$thisbase = $basename .'u='.$u.'&';
	list($faceimg) = showfacedesign($userdb['icon'],1,'s');
	$username = $userdb['username'];
	(empty($a) || $a == 'friend') && $a = 'own';
} else {
	$username = $windid;
	list($faceimg) = showfacedesign($winddb['icon'],1,'s');
	$thisbase = $basename;
}

if (empty($a) || $a == 'friend') {
	
	$a_key = 'friend';
	InitGP(array('page'),'GP',2);
	$page < 1 && $page = 1;
	$db_perpage = 10;
	$sum = $db->get_value("SELECT COUNT(*) AS sum FROM pw_friends f LEFT JOIN pw_cnalbum c ON c.atype='0' AND f.friendid=c.ownerid WHERE f.uid=" . pwEscape($winduid) . ' AND f.uid!=f.friendid AND c.aid IS NOT NULL');

	$lastpid = array();
	$albumdb = array();
	$smphoto = array();
	$query = $db->query("SELECT c.aid,c.aname,c.photonum,c.ownerid,c.owner,c.lastphoto,c.lastpid,c.lasttime,m.groupid FROM pw_friends f LEFT JOIN pw_cnalbum c ON c.atype='0' AND c.ownerid=f.friendid LEFT JOIN pw_members m ON c.ownerid=m.uid WHERE f.uid=" . pwEscape($winduid) . ' AND f.uid!=f.friendid AND c.aid IS NOT NULL ORDER BY c.aid DESC' . pwLimit(($page - 1) * $db_perpage, $db_perpage));
	while ($rt = $db->fetch_array($query)) {
		$rt['lasttime']		= get_date($rt['lasttime']);
		$rt['lastphoto']	= getphotourl($rt['lastphoto']);
		if ($rt['groupid'] == 6 && $db_shield && $groupid != 3) {
			$rt['lastphoto'] = $pwModeImg.'/banuser.gif';
		}
		if ($rt['lastpid']) {
			$lastpid = array_merge($lastpid,explode(',',$rt['lastpid']));
		}
		$albumdb[] =  $rt;
	}
	if ($lastpid) {
		$query = $db->query("SELECT c.pid,c.aid,c.path,m.groupid FROM pw_cnphoto c LEFT JOIN pw_members m ON c.uploader=m.username WHERE c.pid IN(" . pwImplode($lastpid) . ') ORDER BY c.pid DESC');
		while ($rt = $db->fetch_array($query)) {
			$rt['path']	= getphotourl($rt['path']);
			if ($rt['groupid'] == 6 && $db_shield && $groupid != 3) {
				$rt['path'] = $pwModeImg.'/banuser.gif';
			}
			$smphoto[$rt['aid']][] = $rt;
		}
	}
	require_once(R_P.'require/header.php');
	require_once PrintEot('m_photos');footer();

} elseif ($a == 'own') {
	
	$a_key = 'own';
	InitGP(array('page'),'GP',2);
	$page < 1 && $page = 1;
	$db_perpage = 10;
	$sum = $db->get_value("SELECT COUNT(*) AS sum FROM pw_cnalbum WHERE atype='0' AND ownerid=" . pwEscape($u));

	$lastpid = array();
	$albumdb = array();
	$smphoto = array();
	$query = $db->query("SELECT c.aid,c.aname,c.photonum,c.ownerid,c.owner,c.lastphoto,c.lastpid,c.lasttime,c.private,m.groupid FROM pw_cnalbum c LEFT JOIN pw_members m ON c.ownerid=m.uid WHERE c.atype='0' AND c.ownerid=" . pwEscape($u) . ' ORDER BY c.aid DESC' . pwLimit(($page - 1) * $db_perpage, $db_perpage));
	while ($rt = $db->fetch_array($query)) {
		$rt['lasttime']		= get_date($rt['lasttime']);
		$rt['lastphoto']	= getphotourl($rt['lastphoto']);
		if ($rt['groupid'] == 6 && $db_shield && $groupid != 3) {
			$rt['lastphoto'] = $pwModeImg.'/banuser.gif';
		}
		if ($rt['lastpid']) {
			$lastpid = array_merge($lastpid,explode(',',$rt['lastpid']));
		}
		$albumdb[] =  $rt;
	}
	if ($lastpid) {
		$query = $db->query('SELECT c.pid,c.aid,c.path,m.groupid FROM pw_cnphoto c LEFT JOIN pw_members m ON c.uploader=m.username ORDER BY c.pid DESC LIMIT 6');
		while ($rt = $db->fetch_array($query)) {
			$rt['path']	= getphotourl($rt['path']);
			if ($rt['groupid'] == 6 && $db_shield && $groupid != 3) {
				$rt['path'] = $pwModeImg.'/banuser.gif';
			}
			$smphoto[$rt['aid']][] = $rt;
		}
	}
	require_once(R_P.'require/header.php');
	require_once PrintEot('m_photos');footer();
	
} elseif ($a == 'album') {
	$a_key = 'own';
	InitGP(array('aid','page'), null, 2);

	$page < 1 && $page = 1;
	$db_perpage = 20;
	$cnpho = array();
	$album = $db->get_one("SELECT c.aname,c.aintro,c.private,c.ownerid,c.owner,c.lastphoto,c.photonum,m.groupid FROM pw_cnalbum c LEFT JOIN pw_members m ON c.ownerid=m.uid WHERE c.atype='0' AND c.aid=" . pwEscape($aid));
	empty($album) && Showmsg('data_error');
	$album['lastphoto']	= getphotourl($album['lastphoto']);
	if ($album['groupid'] == 6 && $db_shield && $groupid != 3) {
		$album['lastphoto'] = $pwModeImg.'/banuser.gif';
		$album['aintro'] = appShield('ban_album_aintro');
	}
	if ($album['ownerid'] <> $winduid && $album['private'] == 1 && !isFriend($album['ownerid'],$winduid)) {
		Showmsg('mode_o_photos_private');
	}

	$atc_name = getLangInfo('o','album',false,1);
	$title = "$album[owner] ($db_bbsurl/{$basename}q=photos&a=album&u=$album[ownerid]&aid=$aid)";
	$descrip = $album['aintro'];

	$query = $db->query("SELECT c.pid,c.path,c.ifthumb,c.uptime,m.groupid FROM pw_cnphoto c LEFT JOIN pw_members m ON c.uploader=m.username WHERE c.aid=" . pwEscape($aid) . ' ORDER BY c.pid ' . pwLimit(($page - 1) * $db_perpage, $db_perpage));
	while ($rt = $db->fetch_array($query)) {
		$rt['path']	= getphotourl($rt['path'], $rt['ifthumb']);
		if ($rt['groupid'] == 6 && $db_shield && $groupid != 3) {
			$rt['path'] = $pwModeImg.'/banuser.gif';
		}
		$rt['uptime']	= get_date($rt['uptime']);
		$cnpho[] = $rt;
	}
	$u = $album['ownerid'];
	$username = $album['owner'];
	require_once(R_P.'require/header.php');
	require_once PrintEot('m_photos');footer();

} elseif ($a == 'view') {
	$a_key = 'own';
	InitGP(array('pid'), null, 2);

	$photo = $db->get_one("SELECT p.pid,p.aid,p.pintro,p.path as basepath,p.uploader,p.uptime,p.hits,p.c_num,p.ifthumb,a.aname,a.private, a.ownerid,a.owner,a.photonum,m.groupid FROM pw_cnphoto p LEFT JOIN pw_cnalbum a ON p.aid=a.aid LEFT JOIN pw_members m ON p.uploader=m.username WHERE p.pid=" . pwEscape($pid) . " AND a.atype='0'");
	empty($photo) && Showmsg('data_error');

	if ($photo['ownerid'] <> $winduid && $photo['private'] == 1 && !isFriend($photo['ownerid'],$winduid)) {
		Showmsg('mode_o_photos_private');
	}

	$atc_name = getLangInfo('o','photo',false,1);
	$title = "$photo[owner] ($db_bbsurl/{$basename}q=photos&a=view&u=$photo[ownerid]&pid=$photo[pid])";
	$descrip = $photo['pintro'];

	$photo['uptime'] = get_date($photo['uptime']);
	$photo['path'] = getphotourl($photo['basepath']);
	if ($photo['groupid'] == 6 && $db_shield && $groupid != 3) {
		$photo['path'] = $pwModeImg.'/banuser.gif';
		$photo['pintro'] = appShield('ban_photo_pintro');
	}
	$u = $photo['ownerid'];
	$username = $photo['owner'];
	$aid = $photo['aid'];
	$num = $db->get_value("SELECT COUNT(*) AS sum FROM pw_cnphoto WHERE aid=" . pwEscape($photo['aid']) . ' AND pid<=' . pwEscape($pid));

	$nearphoto = array();

	$up_photo = $db->get_one("SELECT p.pid,p.path,p.ifthumb,m.groupid FROM pw_cnphoto p LEFT JOIN pw_cnalbum a ON p.aid=a.aid LEFT JOIN pw_members m ON p.uploader=m.username WHERE p.pid<".pwEscape($pid)." AND  a.ownerid=".pwEscape($u)." AND p.aid=".pwEscape($aid)." ORDER BY pid DESC");
	if ($up_photo) {
		$up_photo['path'] = getphotourl($up_photo['path'],$up_photo['ifthumb']);
		if ($up_photo['groupid'] == 6 && $db_shield && $groupid != 3) {
			$up_photo['path'] = $pwModeImg.'/banuser.gif';
		}
		$nearphoto[] = $up_photo;
	} else {
		$nearphoto[] = array('pid'=>'begin','path'=>'mode/o/images/pbegin.jpg');
	}
	$thumb_basepath = getphotourl($photo['basepath'],$photo['ifthumb']);
	if ($photo['groupid'] == 6 && $db_shield && $groupid != 3) {
		$thumb_basepath = $pwModeImg.'/banuser.gif';
	}
	$nearphoto[] = array('pid'=>$pid,'path'=>$thumb_basepath);

	$next_photo = $db->get_one("SELECT p.pid,p.path,p.ifthumb,m.groupid FROM pw_cnphoto p LEFT JOIN pw_cnalbum a ON p.aid=a.aid LEFT JOIN pw_members m ON p.uploader=m.username WHERE p.pid>".pwEscape($pid)." AND  a.ownerid=".pwEscape($u)." AND p.aid=".pwEscape($aid)." ORDER BY pid");
	if ($next_photo) {
		$next_photo['path'] = getphotourl($next_photo['path'],$next_photo['ifthumb']);
		if ($next_photo['groupid'] == 6 && $db_shield && $groupid != 3) {
			$next_photo['path'] = $pwModeImg.'/banuser.gif';
		}
		$nearphoto[] = $next_photo;
	} else {
		$nearphoto[] = array('pid'=>'end','path'=>'mode/o/images/pend.jpg');
	}
	require_once(R_P.'require/header.php');
	require_once PrintEot('m_photos');footer();

} elseif ($a == 'next') {
	define('AJAX',1);
	InitGP(array('pid','aid'), null, 2);
	if ($aid) {
		$next_photo = $db->get_one("SELECT c.pid,c.path,c.ifthumb,m.groupid FROM pw_cnphoto c LEFT JOIN pw_members m ON c.uploader=m.username WHERE c.pid>".pwEscape($pid)." AND  c.aid=".pwEscape($aid)." ORDER BY c.pid");
		if ($next_photo) {
			$next_photo['path'] = getphotourl($next_photo['path'],$next_photo['ifthumb']);
			if ($next_photo['groupid'] == 6 && $db_shield && $groupid != 3) {
				$next_photo['path'] = $pwModeImg.'/banuser.gif';
			}
			unset($next_photo['ifthumb']);
			$pid = pwJsonEncode($next_photo);
			echo "ok\t$pid";
		} else {
			echo "end";
		}
	} else {
		$pid = $db->get_value("SELECT MIN(b.pid) AS pid FROM pw_cnphoto a LEFT JOIN pw_cnphoto b ON a.aid=b.aid AND a.pid<b.pid WHERE a.pid=" . pwEscape($pid));
		echo "ok\t$pid";
	}
	
	ajax_footer();
} elseif ($a == 'pre') {
	define('AJAX',1);
	InitGP(array('pid','aid'), null, 2);
	if ($aid) {
		$next_photo = $db->get_one("SELECT c.pid,c.path,c.ifthumb,m.groupid FROM pw_cnphoto c LEFT JOIN pw_members ON c.uploader=m.username WHERE c.pid<".pwEscape($pid)." AND  c.aid=".pwEscape($aid)." ORDER BY c.pid DESC");
		if ($next_photo) {
			$next_photo['path'] = getphotourl($next_photo['path'],$next_photo['ifthumb']);
			if ($next_photo['groupid'] == 6 && $db_shield && $groupid != 3) {
				$next_photo['path'] = $pwModeImg.'/banuser.gif';
			}
			unset($next_photo['ifthumb']);
			$pid = pwJsonEncode($next_photo);
			echo "ok\t$pid";
		} else {
			echo "begin";
		}
	} else {
		$pid = $db->get_value("SELECT MAX(b.pid) AS pid FROM pw_cnphoto a LEFT JOIN pw_cnphoto b ON a.aid=b.aid AND a.pid>b.pid WHERE a.pid=" . pwEscape($pid));
		echo "ok\t$pid";
	}
	ajax_footer();
} elseif ($a == 'editphoto') {
	banUser();
	$a_key = 'own';
	InitGP(array('pid'), null, 2);
	$isGM = CkInArray($windid,$manager);
	!$isGM && $groupid==3 && $isGM=1;
	$photo = $db->get_one("SELECT p.aid,p.pintro,a.ownerid FROM pw_cnphoto p LEFT JOIN pw_cnalbum a ON p.aid=a.aid WHERE pid=" . pwEscape($pid));
	if (empty($photo) || (!$isGM && ($photo['ownerid'] <> $winduid))) {
		Showmsg('data_error');
	}
	if (empty($_POST['step'])) {
		
		$options = '';
		$query = $db->query("SELECT aid,aname FROM pw_cnalbum WHERE atype='0' AND ownerid=" . pwEscape($photo['ownerid']) . ' ORDER BY aid DESC');
		while ($rt = $db->fetch_array($query)) {
			$options .= "<option value=\"$rt[aid]\"" . (($rt['aid'] == $photo['aid']) ? ' selected' : '') . ">$rt[aname]</option>";
		}
		require_once(R_P.'require/header.php');
		require_once PrintEot('m_photos');footer();

	} else {

		InitGP(array('pintro'),'P');
		InitGP(array('aid'), null, 2);
		!$aid && Showmsg('colony_albumclass');
		if (strlen($pintro)>255) Showmsg('album_pintro_toolang');
		
		if(@include(D_P."data/bbscache/wordsfb.php")){
			if ($wordsfb) {
				foreach ($wordsfb as $key => $value) {
					$banword = (string) stripslashes($key);
					if (strpos($pintro,$banword)!==false) {
						Showmsg('content_wordsfb');
					} 
				}
			}
			if ($replace) {
				foreach ($replace as $key => $value) {
					$banword = (string) stripslashes($key);
					if (strpos($pintro,$banword)!==false) {
						Showmsg('content_wordsfb');
					}
				}
			}
		}
		
		
		$pwSQL = array('pintro' => $pintro);

		$ischage = false;
		if ($aid != $photo['aid'] && $winduid == $db->get_value("SELECT ownerid FROM pw_cnalbum WHERE aid=" . pwEscape($aid))) {
			$pwSQL['aid'] = $aid;
			$ischage = true;
		}
		$db->update("UPDATE pw_cnphoto SET " . pwSqlSingle($pwSQL) . ' WHERE pid=' . pwEscape($pid));

		if ($ischage) {
			$phnum = array();
			$query = $db->query("SELECT aid,COUNT(*) AS sum FROM pw_cnphoto WHERE aid IN(" . pwImplode(array($aid,$photo['aid'])) . ') GROUP BY aid');
			while ($rt = $db->fetch_array($query)) {
				$phnum[$rt['aid']] = $rt['sum'];
			}
			$db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('photonum' => $phnum[$aid] ? $phnum[$aid] : 0, 'lastpid' => implode(',',getLastPid($aid)))) . ' WHERE aid=' . pwEscape($aid));

			$db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('photonum' => $phnum[$photo['aid']] ? $phnum[$photo['aid']] : 0, 'lastpid' => implode(',',getLastPid($photo['aid'])))) . ' WHERE aid=' . pwEscape($photo['aid']));
		}

		refreshto("{$thisbase}q=$q&a=view&pid=$pid",'operate_success');
	}
} elseif ($a == 'delphoto') {

	define('AJAX','1');
	InitGP(array('pid'), null, 2);
	$groupid==3 && $isGM=1;
	if ($isGM) {
		$whereadd = '';
	} else {
		$whereadd = " AND ca.ownerid=" . pwEscape($winduid);
	}
	$photo = $db->get_one("SELECT cp.path,ca.aid,ca.lastphoto,ca.lastpid FROM pw_cnphoto cp LEFT JOIN pw_cnalbum ca ON cp.aid=ca.aid WHERE cp.pid=" . pwEscape($pid) . " AND ca.atype='0' $whereadd");

	if (empty($photo)) {
		Showmsg('data_error');
	}
	$db->update("DELETE FROM pw_cnphoto WHERE pid=" . pwEscape($pid));

	$pwSQL = array();
	if ($photo['path'] == $photo['lastphoto']) {
		$pwSQL['lastphoto'] = $db->get_value("SELECT path FROM pw_cnphoto WHERE aid=" . pwEscape($photo['aid']) . " ORDER BY pid DESC LIMIT 1");
	}
	if (strpos(",$photo[lastpid],",",$pid,") !== false) {
		$pwSQL['lastpid'] = implode(',',getLastPid($photo['aid']));
	}
	$upsql = $pwSQL ? ',' . pwSqlSingle($pwSQL) : '';
	$db->update("UPDATE pw_cnalbum SET photonum=photonum-1{$upsql} WHERE aid=" . pwEscape($photo['aid']));

	pwDelatt($photo['path'], $db_ifftp);
	$lastpos = strrpos($photo['path'],'/') + 1;
	pwDelatt(substr($photo['path'], 0, $lastpos) . 's_' . substr($photo['path'], $lastpos), $db_ifftp);
	pwFtpClose($ftp);

	$affected_rows = delAppAction('photo',$pid) + 1;
	countPosts("-$affected_rows");
	echo 'ok'."\t".$photo['aid'];ajax_footer();

} elseif ($a == 'setcover') {
	define('AJAX','1');
	InitGP(array('pid'), null, 2);
	$whereadd = $groupid == 3 ? '' : " AND ca.ownerid=" . pwEscape($winduid);
	$photo = $db->get_one("SELECT cp.path,ca.aid,ca.lastphoto,ca.lastpid FROM pw_cnphoto cp LEFT JOIN pw_cnalbum ca ON cp.aid=ca.aid WHERE cp.pid=" . pwEscape($pid) . " AND ca.atype='0' $whereadd");

	if (empty($photo)) {
		Showmsg('data_error');
	}
	$db->update("UPDATE pw_cnalbum SET lastphoto=".pwEscape($photo['path']).' WHERE aid='.pwEscape($photo['aid']));
	echo 'ok'."\t".$photo['aid'];ajax_footer();
} elseif ($a == 'upload') {
	banUser();
	$a_key = 'upload';
	InitGP(array('aid'),null,2);

	if (empty($_POST['step'])) {

		$options = '';
		$query = $db->query("SELECT aid,aname FROM pw_cnalbum WHERE atype='0' AND ownerid=" . pwEscape($winduid) . ' ORDER BY aid DESC');
		while ($rt = $db->fetch_array($query)) {
			$options .= "<option value=\"$rt[aid]\"" . (($aid && $rt['aid'] == $aid) ? ' selected' : '') . ">$rt[aname]</option>";
		}
		require_once(R_P.'require/header.php');
		require_once PrintEot('m_photos');footer();

	} else {
		PostCheck(1,$o_photos_gdcheck,$o_photos_qcheck);
		InitGP(array('pintro'),'P');
		empty($pintro) && $pintro = array();
		if(@include(D_P."data/bbscache/wordsfb.php")){
			foreach ($pintro as $k => $v) {
				if ($wordsfb) {
					foreach ($wordsfb as $key => $value) {
						$banword = (string) stripslashes($key);
						if (strpos($v,$banword)!==false) {
							Showmsg('content_wordsfb');
						}
					}
				}
				if ($replace) {
					foreach ($replace as $key => $value) {
						$banword = (string) stripslashes($key);
						if (strpos($v,$banword)!==false) {
							Showmsg('content_wordsfb');
						}
					}
				}
			}
		}
		
		if (!$aid) {
			$albumcheck = $db->get_one("SELECT aid FROM pw_cnalbum WHERE atype='0' AND ownerid=".pwEscape($winduid).pwLimit(1));
			if ($albumcheck) {
				Showmsg('colony_albumclass');
			} else {
				$db->update("INSERT INTO pw_cnalbum SET " . pwSqlSingle(array(
					'aname'		=> getLangInfo('o','defaultalbum',false,1),		'atype'		=> 0,
					'ownerid'	=> $winduid,		'owner'		=> $windid,
					'lasttime'	=> $timestamp,		'crtime'	=> $timestamp
				)));
				$aid = $db->insert_id();
			}
		}
		!$aid && Showmsg('colony_albumclass');

		$rt = $db->get_one("SELECT aname,photonum,ownerid,private,lastphoto FROM pw_cnalbum WHERE atype='0' AND aid=" . pwEscape($aid));
		if (empty($rt)) {
			Showmsg('undefined_action');
		} elseif ($winduid != $rt['ownerid']) {
			Showmsg('colony_phototype');
		}
		$rt['photonum'] >= $o_maxphotonum && Showmsg('colony_photofull');

		require_once(R_P.'require/postfunc.php');
		$db_attachdir = $o_mkdir;
		!$cn_maxfilesize && $cn_maxfilesize = 1000;
		$db_uploadfiletype = array();
		$db_uploadfiletype['gif'] = $db_uploadfiletype['jpg'] = $db_uploadfiletype['jpeg'] = $db_uploadfiletype['bmp'] = $db_uploadfiletype['png'] = $o_maxfilesize;
		list($db_thumbw,$db_thumbh) = explode("\t",$db_athumbsize);
		$db_athumbsize = "100\t100";
		$uploaddb = UploadFile($winduid,'photo');
		pwFtpClose($ftp);
		$photoNum = 0;$photos = array();
		foreach ($uploaddb as $value) {
			if ($value['attachurl']) {
				$photoNum++;
				$fileuplodeurl = $value['attachurl'];
				$photos[] = array(
					'aid'		=> $aid,
					'pintro'	=> $pintro[$value['id']],
					'path'		=> $value['attachurl'],
					'uploader'	=> $windid,
					'uptime'	=> $timestamp,
					'ifthumb'	=> $value['ifthumb']
				);
			}
		}

		empty($photoNum) && Showmsg('colony_uploadnull');
		$db->update("INSERT INTO pw_cnphoto (aid,pintro,path,uploader,uptime,ifthumb) VALUES " . pwSqlMulti($photos));
		$pid = $db->insert_id();
		$lastpid = getLastPid($aid,4);
		array_unshift($lastpid,$pid);

		if (!$rt['private']) {
			$feedText = "[url=$db_bbsurl/{$thisbase}q=photos&a=album&aid=$aid&u=$winduid]{$rt[aname]}[/url]\n";
			foreach ($photos as $value) {
				$feedText .= "[url=$db_bbsurl/{$thisbase}q=photos&a=view&pid=$pid&u=$winduid][img]".getphotourl($value['path'], $value['ifthumb'])."[/img][/url]&nbsp;";
			}
			pwAddFeed($winduid,'photo',$pid,array('num'=>$photoNum,'text'=>$feedText));
		}

		$db->update("UPDATE pw_cnalbum SET photonum=photonum+".pwEscape($photoNum,false).",lasttime=" . pwEscape($timestamp,false) . ',lastpid=' . pwEscape(implode(',',$lastpid)) . (!$rt['lastphoto'] ? ',lastphoto='.pwEscape($fileuplodeurl) : '') . " WHERE aid=" . pwEscape($aid));
		countPosts("+$photoNum");
		refreshto("{$thisbase}q=$q&a=view&pid=$pid",'operate_success');
	}
} elseif ($a == 'create') {
	banUser();
	$a_key = 'create';
	if (empty($_POST['step'])) {

		$rt = array();
		$select_0 = 'selected';
		require_once(R_P.'require/header.php');
		require_once PrintEot('m_photos');footer();

	} else {
		PostCheck(1,$o_photos_gdcheck,$o_photos_qcheck);
		InitGP(array('aname','aintro'),'P');
		InitGP(array('private'),'P',2);
		!$aname && Showmsg('colony_aname_empty');
		if (strlen($aname)>24) Showmsg('colony_aname_toolang');
		if (strlen($aintro)>255) Showmsg('colony_aintro_toolang');
		
		if(@include(D_P."data/bbscache/wordsfb.php")){
			if ($wordsfb) {
				foreach ($wordsfb as $key => $value) {
					$banword = (string) stripslashes($key);
					if (strpos($aname,$banword)!==false) {
						Showmsg('title_wordsfb');
					} elseif (strpos($aintro,$banword)!==false) {
						Showmsg('content_wordsfb');
					}
				}
			}
			if ($replace) {
				foreach ($replace as $key => $value) {
					$banword = (string) stripslashes($key);
					if (strpos($aname,$banword)!==false) {
						Showmsg('title_wordsfb');
					} elseif (strpos($aintro,$banword)!==false) {
						Showmsg('content_wordsfb');
					}
				}
			}
		}
		
		if ($o_albumnum2 > 0 && $o_albumnum2 <= $db->get_value("SELECT COUNT(*) AS count FROM pw_cnalbum WHERE atype='0' AND ownerid=" . pwEscape($winduid))) {
			Showmsg('colony_album_num2');
		}
		if ($o_camoney) {
			require_once R_P.'require/credit.php';
			if ($o_camoney > $credit->get($winduid,$o_moneytype)) {
				$moneyname = $credit->cType[$o_moneytype];
				Showmsg('colony_moneylimit2');
			}
			$credit->addLog('hack_cyalbum',array($o_moneytype => -$o_camoney),array(
				'uid'		=> $winduid,
				'username'	=> $windid,
				'ip'		=> $onlineip,
				'aname'		=> $aname
			));
			$credit->set($winduid,$o_moneytype,-$o_camoney);
		}
		$db->update("INSERT INTO pw_cnalbum SET " . pwSqlSingle(array(
				'aname'		=> $aname,			'aintro'	=> $aintro,
				'atype'		=> 0,				'private'	=> $private ? 1 : 0,
				'ownerid'	=> $winduid,		'owner'		=> $windid,
				'lasttime'	=> $timestamp,		'crtime'	=> $timestamp
		)));
		//countPosts('+1');
		refreshto("{$thisbase}q=$q&a=own",'operate_success');
	}
} elseif ($a == 'delalbum') {

	define('AJAX', 1);
	InitGP(array('aid'), null, 2);
	$album = $db->get_one("SELECT * FROM pw_cnalbum WHERE aid=" . pwEscape($aid) . " AND atype='0'");

	if (empty($album) || $album['ownerid'] != $winduid) {
		Showmsg('data_error');
	}

	if (empty($_POST['step'])) {

		require_once PrintEot('m_ajax');
		ajax_footer();

	} else {

		$query = $db->query("SELECT pid,path,ifthumb FROM pw_cnphoto WHERE aid=" . pwEscape($aid));
		if (($num = $db->num_rows($query)) > 0) {
			$affected_rows = 0;
			while ($rt = $db->fetch_array($query)) {
				pwDelatt($rt['path'], $db_ifftp);
				if ($rt['ifthumb']) {
					$lastpos = strrpos($rt['path'],'/') + 1;
					pwDelatt(substr($rt['path'], 0, $lastpos) . 's_' . substr($rt['path'], $lastpos), $db_ifftp);
				}
				$affected_rows += delAppAction('photo',$rt['pid'])+1;//TODO 效率？
			}
			pwFtpClose($ftp);
			countPosts("-$affected_rows");
		}
		$db->update("DELETE FROM pw_cnphoto WHERE aid=" . pwEscape($aid));
		$db->update("DELETE FROM pw_cnalbum WHERE aid=" . pwEscape($aid));

		echo getLangInfo('msg','operate_success') . "\tjump\t{$thisbase}q=$q&a=own";
		ajax_footer();
	}
} elseif ($a == 'editalbum') {
	define('AJAX', 1);
	banUser();
	InitGP(array('aid'));
	empty($aid) && Showmsg('data_error');

	$rt = $db->get_one("SELECT aid,aname,aintro,atype,private,ownerid FROM pw_cnalbum WHERE aid=" . pwEscape($aid));
	if (empty($rt) || $rt['atype'] <> 0 || $rt['ownerid'] <> $winduid) {
		Showmsg('data_error');
	}
	if (empty($_POST['step'])) {
		${'select_'.$rt['private']} = 'selected';
		require_once PrintEot('m_ajax');ajax_footer();

	} else {

		InitGP(array('aname','aintro'),'P');
		InitGP(array('private'),'P',2);
		!$aname && Showmsg('colony_aname_empty');
		if (strlen($aname)>24) Showmsg('colony_aname_toolang');
		if (strlen($aintro)>255) Showmsg('colony_aintro_toolang');
		
		if(@include(D_P."data/bbscache/wordsfb.php")){
			if ($wordsfb) {
				foreach ($wordsfb as $key => $value) {
					$banword = (string) stripslashes($key);
					if (strpos($aname,$banword)!==false) {
						Showmsg('title_wordsfb');
					} elseif (strpos($aintro,$banword)!==false) {
						Showmsg('content_wordsfb');
					}
				}
			}
			if ($replace) {
				foreach ($replace as $key => $value) {
					$banword = (string) stripslashes($key);
					if (strpos($aname,$banword)!==false) {
						Showmsg('title_wordsfb');
					} elseif (strpos($aintro,$banword)!==false) {
						Showmsg('content_wordsfb');
					}
				}
			}
		}
		
		$db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('aname' => $aname, 'aintro' => $aintro, 'private' => $private ? 1 : 0)) . ' WHERE aid=' . pwEscape($aid));

		refreshto("{$thisbase}q=$q&a=own",'operate_success');
	}
}
?>